AI Burnard

Burnard

"The friend who tells you what others won't"

Privacy Policy

How we collect, use, and protect your data

Last Updated: 2025.11.26

1. Introduction

Welcome to AI Burnard ("we," "our," or "us"). We are committed to protecting your privacy and ensuring transparency about how we collect, use, and safeguard your personal information.

This Privacy Policy explains how SEEDS FORGE LLC ("AI Burnard," "we," "our," or "us") collects, uses, discloses, and protects information when you use our website at https://aiburnard.com (the "Service"). By accessing or using our Service, you agree to this Privacy Policy.

Contact Email: support@aiburnard.com

2. Google API Services - Limited Use Disclosure

AI Burnard's use of information received from Google APIs adheres to Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

  • We use Google OAuth 2.0 solely for user authentication purposes
  • We access only basic profile information: email address, display name, and profile picture
  • We do NOT request access to any Google Drive, Gmail, Calendar, or other Google service data
  • All data obtained from Google APIs is used exclusively to provide our AI chat service
  • We do NOT transfer Google user data to third parties except as necessary to provide or improve our Service, or as required by law
  • We do NOT use Google user data for serving advertisements
  • We do NOT allow humans to read Google user data unless:
    • We have your explicit consent for specific messages
    • It is necessary for security purposes (e.g., investigating abuse)
    • To comply with applicable law

3. Information We Collect

3.1 Information You Provide

Account Information (via Google OAuth):

  • Email address
  • Full name
  • Profile picture URL

Chat Messages:

  • Text content of your conversations with our AI
  • Timestamps of your interactions
  • Currently stored locally in your browser only
  • In the future, we may offer optional cloud storage via Supabase with your explicit consent

3.2 Automatically Collected Information

Technical Information:

  • IP address (processed by Cloudflare)
  • Browser type and version
  • Device type and operating system
  • Session identifiers and authentication tokens
  • Page views and navigation patterns

Cookies and Similar Technologies:

  • Authentication session cookies (essential for login functionality)
  • Session state management
  • We do NOT use advertising or tracking cookies

4. How We Use Your Information

We use collected information for the following purposes:

Service Provision:

  • Authenticate your identity via Google OAuth
  • Provide AI-powered conversational responses
  • Maintain your session state
  • Display your profile information in the user interface

Service Improvement:

  • Analyze usage patterns to improve AI response quality
  • Debug technical issues
  • Optimize performance and user experience

Communication:

  • Respond to your support inquiries
  • Send important service announcements (e.g., changes to our terms or privacy policy)
  • We will NEVER send marketing emails without your explicit opt-in consent

Legal Compliance:

  • Comply with applicable laws and regulations
  • Enforce our Terms of Service
  • Protect against fraud, abuse, and security threats

5. How We Share Your Information

We do NOT sell, rent, or trade your personal information. We may share your information only in the following limited circumstances:

5.1 Third-Party Service Providers

Polar.sh (Payment Processing & Merchant of Record):

  • Purpose:
    • Process subscription payments as Merchant of Record
    • Collect and remit international sales taxes (VAT, GST, Sales Tax)
    • Handle refunds, chargebacks, and billing disputes
    • Generate invoices and manage subscriptions
  • Data Shared:
    • Email address (for order confirmation and receipts)
    • Payment information (processed directly by Polar via Stripe, NOT stored by us)
    • Purchase history and subscription status
    • Product fulfillment data (which subscription tier you purchased)
  • Legal Basis (GDPR): Contract performance and legal compliance
  • Privacy Policy: https://polar.sh/legal/privacy
  • Data Processing Agreement: Available at https://polar.sh/legal/dpa
  • Important: When you make a purchase, you enter into a contract with Polar.sh (not AI Burnard). Polar processes your payment data directly and shares only necessary fulfillment data with us to provide your subscription service.

5.2 Legal Requirements

We may disclose your information if required by law, legal process, or governmental request, including:

  • Compliance with court orders or subpoenas
  • Protection of our legal rights
  • Investigation of fraud, security issues, or violations of our Terms of Service

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you via email and/or prominent notice on our website before your information becomes subject to a different privacy policy.

6. Data Storage and Security

6.1 Storage Locations

Current Architecture:

  • Chat messages: Stored locally in your browser (localStorage)
  • Authentication tokens: Managed by Supabase (hosted in the United States)
  • Service infrastructure: Cloudflare Workers (globally distributed)

Future Enhancement:

  • Optional cloud storage of chat history via Supabase (with your explicit consent)

6.2 Security Measures

We implement industry-standard security practices:

  • Encryption in Transit: All data transmitted via HTTPS/TLS 1.3
  • Encryption at Rest: Database encryption via Supabase
  • Authentication: Secure OAuth 2.0 flow with JWT tokens
  • Access Control: Principle of least privilege for system access
  • Monitoring: Automated security monitoring and logging

Important: No system is 100% secure. While we take reasonable measures to protect your data, we cannot guarantee absolute security.

7. Data Retention

Chat Messages (Current - Local Storage):

  • Retained in your browser until you manually clear them
  • Automatically cleared if you clear your browser data

Chat Messages (Future - Optional Cloud Storage):

  • Retained for 30 days from last activity
  • Automatically deleted after 30 days of inactivity
  • You may manually delete at any time

Account Information:

  • Retained as long as your account is active
  • Deleted within 30 days of account deletion request

Authentication Tokens:

  • Session tokens: Valid for 60 minutes
  • Refresh tokens: Valid for 7 days
  • Automatically invalidated upon logout

7.3 Payment and Billing Data

Data Stored by Polar.sh (NOT by AI Burnard):

  • Payment Information: Credit card details, billing address, and payment method information are stored exclusively by Polar.sh and their payment processor (Stripe). We never have access to your full payment card number.
  • Transaction History: Records of all transactions, invoices, and receipts are managed by Polar.sh.
  • Retention Period: Polar.sh retains transaction data in accordance with their legal obligations, typically 7 years for tax compliance purposes (as required by tax authorities in various jurisdictions).

Data Stored by AI Burnard:

  • Order Fulfillment Data: We store your email address, subscription status (active/cancelled), subscription tier, and purchase date to provide you with access to paid features.
  • Retention Period: As long as your account is active, or as required to provide ongoing service.
  • Deletion: When you delete your account, we will delete our copy of fulfillment data within 30 days. However, Polar.sh may retain transaction records for legal compliance even after you delete your account with us.

Your Rights:

  • To access your payment data held by Polar.sh, visit their customer portal or contact Polar support.
  • To delete your account data held by AI Burnard, email support@aiburnard.com with the subject "Account Deletion Request".

8. Your Rights and Choices

Depending on your location, you may have the following rights:

8.1 Access and Portability

  • Right to Access: Request a copy of your personal data
  • Data Portability: Receive your data in a structured, machine-readable format (JSON)
  • To request: Email support@aiburnard.com with subject "Data Access Request"

8.2 Correction and Deletion

  • Right to Correction: Update inaccurate information via your account settings
  • Right to Deletion: Request complete deletion of your account and data
  • To request deletion: Email support@aiburnard.com with subject "Account Deletion Request"
  • Deletion will be completed within 30 days

8.3 Consent Withdrawal

  • Google OAuth: You may revoke our access via Google Account Permissions
  • Future Cloud Storage: Opt-out at any time via account settings

8.4 Do Not Sell My Personal Information (CCPA)

  • We do NOT sell personal information
  • We do NOT share information for cross-context behavioral advertising

9. Children's Privacy

Our Service is NOT intended for users under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover that we have collected information from a child under 13, we will delete it immediately.

Age Restriction: You must be at least 13 years old to use our Service.

If you believe we have inadvertently collected information from a child under 13, please contact us immediately at support@aiburnard.com.

10. International Data Transfers

Our Service is operated from the United States. If you access our Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

For European Users (GDPR):

  • We rely on standard contractual clauses approved by the European Commission
  • Your data is protected by the same standards regardless of location

For California Users (CCPA):

  • See Section 8.4 for your specific rights under California law

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make changes:

  • We will update the "Last Updated" date at the top of this policy
  • For material changes, we will notify you via email (if you have an account) and/or a prominent notice on our website
  • Continued use of our Service after changes constitutes acceptance of the updated policy

We encourage you to review this Privacy Policy periodically.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: support@aiburnard.com

Business Name: SEEDS FORGE LLC

Address: 30 N Gould St Ste N, Sheridan, WY 82801 USA

Response Time: We will respond to your inquiry within 7 business days.

For data protection inquiries from European users, you may also contact your local data protection authority.

Appendix: Third-Party Links

This Privacy Policy applies only to our Service. Our Service may contain links to third-party websites (e.g., Google's OAuth consent screen). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.

Effective Date: 2025.11.26

© 2025 AI Burnard. All rights reserved.